Anetac’s Tim Eades on securing dormant identities, scaling AI-driven threat detection, and building a proactive security culture in today’s hybrid digital landscape.
Tim, could you begin by describing your journey to co-founding Anetac and the vision behind creating a dynamic identity and security platform?
My journey to becoming co-founder of Anetac is rooted in both humble beginnings and a passion for technology. Growing up in a poor neighborhood in England, I learned grit and perseverance early on. This drive led me to pursue a college degree, where I had to forge my father’s signature on my application. I was scrappy, starting out and working hard to eventually become the CEO of four companies and an investor in numerous security firms over two decades.
The idea for Anetac was born during a pub discussion about the scale of the identity problem in cybersecurity. Realizing its severity, I assembled a team of seven founders with a deep understanding of identity vulnerability and security challenges. We conducted extensive customer interviews across various industries, and a recurring theme emerged.
What we learned is that organizations do not actually know how many machine or non-human identities they have, when they were created, what they are connected to, or why. These over-privileged, poorly monitored and even forgotten non-human identities include service accounts, APIs, tokens, and access keys, and they are an attractive, easy target for threat actors.
Our vision for the Anetac Dynamic Identity Vulnerability and Security SaaS Platform was to address these prevalent challenges with an equally dynamic solution. We aimed to lead the discovery, understanding, and prioritization of identity-based vulnerabilities within hybrid environments while automating treatment plans to reduce the attack surface.
What are some of the key risks associated with dormant service accounts, and how are they affecting enterprises across various industries?
Dormant service accounts are typically defined as those inactive for 90 days or more, and they pose significant security risks to enterprises across various industries. These accounts often go unnoticed or forgotten, with organizations unaware of their existence, much less their access privileges, connected systems, or even their original purpose. This invisibility, combined with their often elevated privileges and lax security measures, makes them prime targets for cyber attackers.
The primary risks associated with dormant service accounts include unauthorized access, data breaches, and compliance violations. Attackers can exploit these accounts to gain significant access to systems and sensitive data, often without raising immediate suspicion. Once compromised, these accounts can be used to elevate privileges, exfiltrate data, disrupt operations, and install malware or backdoors. The biggest weakness of dormant accounts is typically the age of their passwords, as password reuse and exposure are a widespread issue and the number one enabler of breaches.
Real-world examples highlight the severity of these risks. In January 2024, Microsoft suffered a breach where attackers used a password spray attack on a dormant non-production administrator account, gaining access to sensitive emails and data. Similarly, in February 2024, Tangerine, an Australian telecom company, lost the personal data of 232,000 customers due to a breach involving a legacy account with weak credentials. These incidents underscore how dormant service accounts can put organizations at serious risk across industries, from tech giants to telecom companies, leading to data breaches, operational disruptions, regulatory compliance violations, legal repercussions and significant reputational damage.
When a compromised service account is discovered, what immediate steps should an organization take to address the breach effectively?
Actions upon a service account breach should begin way before, assuming that the service account will be breached in the first place. This starts with an accurate understanding of where the service account is being used and the business processes that would be disrupted if that account were compromised. All service accounts should be graded according to their criticality. The criticality of the service account would dictate the immediate actions required in the event of a compromise.
Once a breach occurs, the organization’s first step should be automatically or manually isolating the compromised account to prevent further access or escalation of privileges. In parallel, a real-time audit of activities associated with the account must be initiated to assess the scope of the breach, particularly focusing on high-risk or sensitive data accessed.
Based on the criticality of the service account, recovery could involve credential rotation, either by resetting passwords or API keys or leveraging tools like automated secret management solutions (e.g., AWS Secrets Manager, Azure Key Vault) to seamlessly rotate credentials without service disruption.
Where privileged access is involved, immediate privileged access review and restriction should occur, limiting the account to only essential functions until a full investigation is complete.
A well-rehearsed failover plan should be implemented for critical service accounts that power essential infrastructure to ensure business continuity while the compromised account is being investigated.
If the compromised service account is used across multiple systems or applications, consider re-provisioning or replacing the account altogether and conducting a thorough forensic investigation to determine the cause and prevent future breaches.
Lastly, the breach should trigger a lessons-learned session to refine security practices and update incident response playbooks to improve detection, faster response, and tighter governance of service accounts. This proactive approach ensures better preparedness for future compromises and strengthens the organization’s overall identity security posture management.
How critical is it to understand the activity chains associated with service accounts, and what impact can terminating an account have on essential business processes?
Understanding the activity chains associated with service accounts is critical for maintaining security and operational continuity within an organization. Service accounts, particularly those with extensive administrative privileges, serve as key access points throughout a system or network. These accounts often hold the power to navigate and interact with other systems and data, making them valuable targets for bad actors. If a malicious entity compromises a service account with broad administrative access, it could leverage this position to move laterally within the network and exfiltrate sensitive corporate data. Therefore, having a clear understanding of each service account’s activity chain – the systems it interacts with, the data it can access, and the processes it supports – is crucial for effective vulnerability security management and risk mitigation.
From an operational perspective, the importance of comprehending these activity chains becomes even more apparent when considering the potential impact of account termination. Terminating a service account without a thorough understanding of its connections and dependencies could inadvertently disrupt essential business operations. This disruption could lead to system failures, data inaccessibility, or breakdowns in automated processes, all of which could require significant time and resources to investigate and rectify. Moreover, hastily terminating an account without proper analysis could create security vulnerabilities if the account’s functions are critical to maintaining certain security protocols. Therefore, a comprehensive understanding of service account activity chains is not just a security measure but a vital component of maintaining smooth business operations and avoiding unnecessary operational risks.
In your experience, what strategies are most effective for cultivating a security-aware culture within an organization?
Cultivating a security-aware culture within an organization starts from the top down, with C-level leaders and managers emphasizing the importance of a shared mission and responsibility for cybersecurity. Effective strategies include leading by example, where leaders set the operational tempo for security awareness through vigilant and informed decision-making. Creating an environment of psychological safety is crucial, allowing employees to voice concerns about potential security risks without fear of retribution. This openness, combined with transparent communication about security risks and mitigation efforts, builds trust and reinforces the importance of security throughout the organization.
Furthermore, fostering a security-aware culture involves promoting shared responsibility, where every employee is expected to make good decisions regarding cybersecurity. This is supported by actionable awareness training that goes beyond mere lip service, ensuring employees understand how to actively mitigate risks in their daily work. Developing and regularly updating incident response plans demonstrates a proactive approach to security. Lastly, adopting a human-first approach to security, which recognizes the psychological aspects of security behavior, is essential. By investing in the human element of security awareness and encouraging continuous learning and adaptation, organizations can create a robust defense against evolving cyber threats that extends beyond just technological solutions.
Can you discuss the role of good cyber hygiene in conjunction with modern identity security solutions, and why it is essential for comprehensive protection?
Good cyber hygiene and modern identity vulnerability security solutions work in tandem to provide comprehensive protection for organizations. While cyber hygiene encompasses fundamental practices like regular password updates, proper account management, and adherence to least privilege principles, modern identity security solutions like Anetac’s platform enhance these practices with advanced capabilities. The Anetac solution provides real-time, streaming discovery and monitoring of all non-human and human identity accounts, and automated analysis of access chains, patterns, and behaviors. This combination allows organizations to maintain best-of-breed security standards and quickly detect and respond to anomalies that might indicate a compromise, particularly in complex areas like dormant service account management.
The synergy between cyber hygiene and modern identity solutions is essential for addressing the multifaceted nature of today’s security challenges. Good hygiene practices foster a security-conscious culture and ensure employee participation in maintaining security. Meanwhile, advanced identity solutions provide the technological backbone to manage the intricate landscape of identity vulnerabilities in hybrid environments. Together, they create a robust defense strategy that addresses both human and technological factors. This comprehensive approach is crucial for effectively reducing the risk of breaches, maintaining a strong security posture, and navigating the complexities of modern IT infrastructures where traditional security measures alone are no longer sufficient.
How does Anetac’s platform provide real-time visibility into the service account landscape, and what makes this capability crucial for hybrid environments?
Anetac’s Dynamic Identity Vulnerability and Security Platform provides real-time streaming visibility into non-human and human identity accounts, offering a comprehensive view of identity security posture management in hybrid environments. Unlike static scanning tools, the Anetac platform excels at real-time streaming for identity vulnerability discovery, monitoring non-human and human accounts, mapping their chains of access, and automating classification driven AI behavioral analysis. Anetac dynamically detects unusual activity and alerts to expedite incident response and necessary remediation. This real-time capability reduces the attack surface, enabling security teams to quickly identify and remediate vulnerabilities before malicious actors can exploit them.
This real-time visibility is crucial for hybrid environments due to their complex and dynamic nature. In such environments, service accounts often span across on-premises and cloud infrastructures, making them challenging to monitor and secure using traditional methods. Anetac’s platform addresses this challenge by providing streaming capabilities that allow enterprises to find both human and machine accounts and receive real-time updates on their activities. This continuous monitoring enables the detection of abnormal behavior, even in dormant accounts that might otherwise go unnoticed. Since 80% of breach attempts aim first at identities and the systems that manage them, Anetac’s real-time visibility becomes a critical tool for maintaining security posture and preventing breaches in modern hybrid enterprise environments.
What are the benefits of integrating continuous monitoring and behavioral analysis into a security strategy, particularly with regard to service accounts?
Integrating continuous monitoring and behavioral analysis into a security strategy offers several crucial benefits, especially when dealing with service accounts. First, it provides real-time visibility into account activities, allowing organizations to detect anomalies and potential threats immediately rather than relying on periodic checks. Continuous monitoring can help to identify dormant accounts, unusual access patterns, or sudden changes in behavior that could indicate a compromise. Organizations can establish baselines for regular account activity by constantly analyzing behavior over time and quickly flagging deviations.
This approach significantly enhances an organization’s ability to manage the complex landscape of service accounts in modern, hybrid environments. It allows for the mapping of access chains, illuminating the intricate connections between service accounts, critical resources, and business processes.
Given Anetac’s recent Series A funding, what are your plans for the company’s growth and development in the coming years?
We launched out of stealth on May 6, 2024, with customers and our Series A funding. Since then, we have been building up our customer base, adding 1-2 new customers every week.
We have both the right product and the right team to make Anetac the leader in discovering, understanding, qualifying, and prioritizing identity-based vulnerabilities inside an enterprise.
How do you foresee the evolution of identity and security platforms, and what future advancements do you anticipate in the realm of service account management and threat detection?
Identity and security platforms are likely to evolve towards more advanced AI and machine learning capabilities, enabling predictive threat detection and automated response mechanisms. Future advancements in service account management will likely focus on enhanced real-time visibility across hybrid and multi-cloud environments, coupled with more sophisticated behavioral analytics. We can also anticipate increased integration of zero-trust principles and adaptive authentication methods to further secure service accounts against emerging threats.
Tim Eades
CEO & co-founder, Anetac
Timothy Eades serves as Chief Executive Officer and Co-Founder at Anetac and is a General Partner and Fellow Founder of Cyber Mentor Fund. With over 20 years of leadership experience in sales, marketing, and executive management at the CEO level, he has deep expertise in driving high growth for computing, security, and enterprise software companies. Prior to Anetac, Tim served as CEO at vArmour for nearly a decade and was the CEO at Silver Tail Systems from March 2010 until the company was acquired by RSA, the security division of EMC, in late 2012. Prior to leading Silver Tail Systems, he was CEO of Everyone.net, an SMB-focused SaaS company that was acquired by Proofpoint. He has also held sales and marketing executive leadership positions at BEA Systems, Sana Security, Phoenix Technologies, and IBM. He is a prolific angel investor and passionately shares his time and expertise with cybersecurity founders through his work at Cyber Mentor Fund. He is an experienced Board Director and currently serves as the Executive Chairman for Okera. He holds advanced degrees in business, international marketing, and financial analysis, primarily from Solent University in England.